[VOIPSEC] fyi: How to wiretap or identify a GSM phone - and enable the masses

=JeffH Jeff.Hodges at KingsMountain.com
Thu Jun 4 18:43:02 EDT 2009


------- Forwarded Message

Date:    Wed, 03 Jun 2009 14:53:53 -0700
From:    John Gilmore <gnu at toad.com>
To:      cryptography at metzdowd.com, gnu at toad.com
Subject: How to wiretap or identify a GSM phone - and enable the masses

David Burgess, a software/radio engineer formerly employed in building
GSM-tapping equipment, has turned his efforts to publicly implementing
the GSM standards in free software under GPLv3.  He hopes to provide
low-cost GSM communication service to billions in underserved regions
of the world.  He also hopes to demystify the cellular networks for
a generation of hackers.

His OpenBTS software builds on the GNU Radio framework and the USRP
computer/radio interfaces to implement a fully functional GSM network
base station, making voice and SMS calls with ordinary GSM handsets,
and back-hauling via VoIP networks.  Early code was tested at Burning
Man last year, and he hopes to provide free communication service to BM
participants this year (as well as doing some testing in field
conditions under serious load).

His understanding of the GSM protocols comes from reading the published
standards documents, which are written in bureaucratese but can be
decrypted without a secret key.  However, a former customer of his
has been suing him for alleged disclosure of trade secrets, claiming
that either the GSM protocol or perhaps the way to wiretap a GSM phone
is secret (the published court documents make vague allegations, as
usual).

David's blog, "The OpenBTS Chronicles", has a variety of interesting
posts, one of which links to a German patent on an IMSI-catcher which
lets wiretappers force a phone to identify itself, and to a UK High
Court decision that upholds it (and also reveals a Nokia patent on how
to do a man-in-the-middle attack on a GSM phone).  Clearly the things
revealed in these documents are not trade secrets.  But they may be of
interest to this list.

I also found that David's posting on "The Value of Knowing How Stuff
Works" struck a chord with me.

   http://openbts.blogspot.com/
   http://openbts.blogspot.com/2009/04/some-comments-on-imsi-catchers.html
   http://openbts.blogspot.com/2009/05/value-of-knowing-how-stuff-works.html

   http://en.wikipedia.org/wiki/OpenBTS
   http://www.gnuradio.org/trac/wiki/OpenBTS
   http://openbts.sourceforge.net/

	John

------- End of Forwarded Message
